1647892b09
Implementation of two completed sprints: Sprint 1: Astra Linux Connector (SPRINT_20251229_005_CONCEL_astra_connector) - Research complete: OVAL XML format identified - Connector foundation implemented (IFeedConnector interface) - Configuration options with validation (AstraOptions.cs) - Trust vectors for FSTEC-certified source (AstraTrustDefaults.cs) - Comprehensive documentation (README.md, IMPLEMENTATION_NOTES.md) - Unit tests: 8 passing, 6 pending OVAL parser implementation - Build: 0 warnings, 0 errors - Files: 9 files (~800 lines) Sprint 2: E2E CLI Verify Bundle (SPRINT_20251229_004_E2E_replayable_verdict) - CLI verify bundle command implemented (CommandHandlers.VerifyBundle.cs) - Hash validation for SBOM, feeds, VEX, policy inputs - Bundle manifest loading (ReplayManifest v2 format) - JSON and table output formats with Spectre.Console - Exit codes: 0 (pass), 7 (file not found), 8 (validation failed), 9 (not implemented) - Tests: 6 passing - Files: 4 files (~750 lines) Total: ~1950 lines across 12 files, all tests passing, clean builds. Sprints archived to docs/implplan/archived/2025-12-29-completed-sprints/ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
StellaOps Documentation
StellaOps is a deterministic, offline-first container security platform: every verdict links back to concrete evidence (SBOM slices, advisory/VEX observations, reachability proofs, policy explain traces) and can be replayed for audits.
Two Levels of Documentation
- High-level (canonical): the curated guides in
docs/*.md(usually numbered). - Detailed (reference): deep dives under
docs/**(module dossiers, architecture notes, API contracts/samples, runbooks, schemas). The entry point isdocs/technical/README.md.
This documentation set is internal and does not keep compatibility stubs for old paths. Content is consolidated to reduce duplication and outdated pages.
Start Here
| Goal | Open this |
|---|---|
| Understand the product in 2 minutes | overview.md |
| Run a first scan (CLI) | quickstart.md |
| Browse capabilities | key-features.md |
| Roadmap (priorities + definition of "done") | 05_ROADMAP.md |
| Architecture: high-level overview | 40_ARCHITECTURE_OVERVIEW.md |
| Architecture: full reference map | 07_HIGH_LEVEL_ARCHITECTURE.md |
| Offline / air-gap operations | 24_OFFLINE_KIT.md |
| Security deployment hardening | 17_SECURITY_HARDENING_GUIDE.md |
| Ingest advisories (Concelier + CLI) | 10_CONCELIER_CLI_QUICKSTART.md |
| Develop plugins/connectors | 10_PLUGIN_SDK_GUIDE.md |
| Console (Web UI) operator guide | 15_UI_GUIDE.md |
| VEX consensus and issuer trust | 16_VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | 20_VULNERABILITY_EXPLORER_GUIDE.md |
Detailed Indexes
- Technical index (everything):
docs/technical/README.md - Module dossiers:
docs/modules/ - API contracts and samples:
docs/api/ - Architecture notes / ADRs:
docs/architecture/,docs/adr/ - Operations and deployment:
docs/operations/,docs/deploy/,docs/deployment/ - Air-gap workflows:
docs/airgap/ - Security deep dives:
docs/security/ - Benchmarks and fixtures:
docs/benchmarks/,docs/assets/
Notes
- The product is offline-first: docs and examples should avoid network dependencies and prefer deterministic fixtures.
- Feature exposure is configuration-driven; module dossiers define authoritative schemas and contracts per component.